Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

6 advisories

Loading
symfony/ux-toolkit: Path Traversal Allows Arbitrary File Write and Read via Crafted Recipe Manifest High
CVE-2026-55878 was published for symfony/ux-toolkit (Composer) Jun 19, 2026
Kocal Credited to Kocal and Amoifr Amoifr Amoifr
symfony/ux-icons: XSS via unsanitized SVG content in local files and Iconify on-demand responses Moderate
CVE-2026-55877 was published for symfony/ux-icons (Composer) Jun 19, 2026
Kocal Credited to Kocal and Amoifr Amoifr Amoifr
symfony/ux-autocomplete: Information exposure via unescaped LIKE wildcards in EntitySearchUtil Moderate
CVE-2026-49211 was published for symfony/ux-autocomplete (Composer) Jun 19, 2026
Amoifr Credited to Amoifr and Kocal Kocal Kocal
symfony/ux-live-component: XSS via attacker-controlled child component tag Moderate
CVE-2026-49210 was published for symfony/ux-live-component (Composer) Jun 19, 2026
Amoifr Credited to Amoifr and Kocal Kocal Kocal
symfony/ux-live-component: Denial of service via unbounded batch action requests Low
CVE-2026-49209 was published for symfony/ux-live-component (Composer) Jun 19, 2026
Amoifr Credited to Amoifr and Kocal Kocal Kocal
ux-live-component: Format-less date LiveProps parsed with the permissive DateTime constructor Moderate
CVE-2026-49208 was published for symfony/ux-live-component (Composer) Jun 19, 2026
Amoifr Credited to Amoifr and Kocal Kocal Kocal
ProTip! Advisories are also available from the GraphQL API